How to: Customize User Login When Using the WCF Authentication Service
This topic shows how to validate customized credentials to authenticate users when you call the ASP.NET authentication service by using Windows Communication Foundation (WCF). Typically, authentication requires only a user name and password. However, in some cases you might have to verify a user's identity by using additional credentials, such as an identification number.
You use the WCF implementation of the authentication service when you want to log a user in from a client application that can send and consume a SOAP 1.1 message, such as a Java application.
To validate customized credentials for authentication
In the Global.asax file of the Web application, create an event handler for the Authenticating event.
In the handler, read the contents of the CustomCredential property of the handler's AuthenticatingEventArgs parameter, and then authenticate the values.
The following example shows how to read two authentication values from the CustomCredential property and then pass them to a custom authentication class named StudentAuthentication.
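```vb
Sub AuthenticationService_Authenticating _
   (ByVal sender As Object, _
    ByVal e As System.Web.ApplicationServices.AuthenticatingEventArgs)
    Dim studentid As String = String.Empty
    Dim answer As String = String.Empty

    ' CustomCredential carries the extra values as "studentid,answer".
    ' Guard against a missing (Nothing) value before splitting it.
    Dim rawCredential As String = If(e.CustomCredential, String.Empty)
    Dim credentials As String() = _
        rawCredential.Split(New Char() {","c})
    If (credentials.Length > 0) Then
        studentid = credentials(0)
        If (credentials.Length > 1) Then
            answer = credentials(1)
        End If
    End If

    Try
        e.Authenticated = _
            StudentAuthentication.ValidateStudentCredentials _
            (e.UserName, e.Password, studentid, answer)
    Catch ex As ArgumentNullException
        ' Fail closed when validation rejects a null argument.
        e.Authenticated = False
    End Try

    ' Tell the service not to run the default membership check afterward.
    e.AuthenticationIsComplete = True
End Sub
```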
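```csharp
void AuthenticationService_Authenticating(object sender,
    System.Web.ApplicationServices.AuthenticatingEventArgs e)
{
    string studentid = String.Empty;
    string answer = String.Empty;

    // CustomCredential carries the extra values as "studentid,answer".
    // Guard against a missing (null) value before splitting it.
    string rawCredential = e.CustomCredential ?? String.Empty;
    string[] credentials = rawCredential.Split(new char[] { ',' });
    if (credentials.Length > 0)
    {
        studentid = credentials[0];
        if (credentials.Length > 1)
        {
            answer = credentials[1];
        }
    }

    try
    {
        e.Authenticated =
            StudentAuthentication.ValidateStudentCredentials
            (e.UserName, e.Password, studentid, answer);
    }
    catch (ArgumentNullException)
    {
        // Fail closed when validation rejects a null argument.
        e.Authenticated = false;
    }

    // Tell the service not to run the default membership check afterward.
    e.AuthenticationIsComplete = true;
}
```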
In the Application_Start method of the Global.asax file, bind the event handler for the Authenticating event.
The following example shows how to bind a handler to the Authenticating event.
```vb
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    AddHandler System.Web.ApplicationServices.AuthenticationService.Authenticating, _
        AddressOf Me.AuthenticationService_Authenticating
End Sub
```
```csharp
void Application_Start(object sender, EventArgs e)
{
    System.Web.ApplicationServices.AuthenticationService.Authenticating +=
        new EventHandler<System.Web.ApplicationServices.AuthenticatingEventArgs>(
            AuthenticationService_Authenticating);
}
```
Call the authentication service from an application that can consume a SOAP message from a Web service, and pass the extra values to be authenticated in the CustomCredential property.
Compiling the Code
- You must set up the authentication service on a Web server for the previous examples to work. For more information, see How to: Enable the WCF Authentication Service.
Robust Programming
The previous code examples show a custom authentication class that throws the ArgumentNullException if any of the parameters are null. Your code must handle any exceptions that are raised during validation.
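The handler above calls StudentAuthentication.ValidateStudentCredentials, but the topic does not show that class. The following C# code is an added example, not code from the original topic, of one way to write it so that every factor is checked and any failure denies the login. The in-memory Students record, the HashAnswer and FixedTimeEquals helpers, and the use of Membership.ValidateUser for the user name and password are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

// Added example; not the StudentAuthentication class from the original topic.
public static class StudentAuthentication
{
    // Constructed sample record: user name -> { student ID, hash of answer }.
    // Assumption: a real store keeps a salted password hash, not bare SHA-256.
    private static readonly Dictionary<string, string[]> Students =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "student1", new[] { "S-0001", HashAnswer("constructed answer") } }
        };

    public static bool ValidateStudentCredentials(
        string userName, string password, string studentId, string answer)
    {
        // Null input throws, as the topic describes; the handler fails closed.
        foreach (string value in new[] { userName, password, studentId, answer })
            if (value == null) throw new ArgumentNullException();

        // Evaluate every factor before deciding, so the result does not
        // show which factor was wrong.
        bool passwordOk = Membership.ValidateUser(userName, password);
        string[] record;
        bool known = Students.TryGetValue(userName, out record);
        bool idOk = FixedTimeEquals(known ? record[0] : "", studentId.Trim());
        bool answerOk = FixedTimeEquals(known ? record[1] : "", HashAnswer(answer));
        return passwordOk & known & idOk & answerOk;
    }

    private static string HashAnswer(string answer)
    {
        byte[] data = Encoding.UTF8.GetBytes(answer.Trim().ToLowerInvariant());
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data));
    }

    // Compares every character instead of stopping at the first mismatch.
    private static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```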
Security
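Always access the authentication service over HTTPS, which uses the Secure Sockets Layer (SSL). The user name, password, and CustomCredential values travel in the SOAP message, so without SSL they cross the network in clear text.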
See Also
Concepts
Windows Communication Foundation Authentication Service Overview